For a policy group, make sure the subject added to the group is a group, not individuals
GSH example
grouperSession = GrouperSession.startRootSession(); ruleGroup = GroupFinder.findByName(grouperSession, "test:testGroup", true); AttributeAssign attributeAssign = ruleGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign(); AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate(); attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa"); attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem"); attributeValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name()); attributeValueDelegate.assignValue(RuleUtils.ruleIfConditionElName(), "\${safeSubject.sourceId != 'g:gsa'}"); attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.veto.name()); attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), "rule.entity.must.be.a.group"); attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "Entity must be a group"); String isValidString = attributeValueDelegate.retrieveValueString(RuleUtils.ruleValidName()); if (!GrouperUtil.equals("T", isValidString)) {throw new RuntimeException(isValidString);}
1 Comment
Chris Hyzer (upenn.edu)
so you are saying for all policy groups you only want groups added to them? across the board?